3GPP has introduced Private 5G to support the next-generation industrial automation system (IAS) due to the versatility and flexibility of the 5G architecture. Besides the 3.5GHz CBRS band, unlicensed spectrum bands, like 5GHz, are considered an additional medium because of their free and abundant nature. However, while utilizing the unlicensed band, industrial equipment must coexist with incumbents, e.g., Wi-Fi, which could introduce new security threats and resuscitate old ones. In this paper, we propose a novel attack strategy conducted by a mobility-enabled malicious Wi-Fi access point (mmAP), namely the PACMAN attack, to exploit vulnerabilities introduced by heterogeneous coexistence. An mmAP is capable of moving around the physical surface to identify mission-critical devices, hopping through the frequency domain to detect the victim's operating channel, and launching traditional MAC layer-based attacks. The multi-dimensional mobility of the attacker makes it impervious to state-of-the-art detection techniques that assume static adversaries. In addition, we propose a novel Markov Decision Process (MDP) based framework to intelligently design an attacker's multi-dimensional mobility in space and frequency. Mathematical analysis and extensive simulation results exhibit the adverse effect of the proposed mobility-powered attack.